This is something which I have been concluding for the last years: people in cybersecurity don’t protect themselves. Possibly an over generalization, but today I got a confirmation for that though:
This week there was a debate on television with high profile people about cybersecurity, including people from the military and academia. Throughout the debate they seemed to scratch only the surface of the privacy debate, and when questioned about what the individual citizen can do about it, all of them struggled to answer and took the conversation elsewhere.
Here is the debate (in PT, though)
It seems that cybersecurity is more about attacking and defending organizations, particularly companies. The structures that have the funds to pay for security. But the whole society is left out of the debate, unfortunately.
True, security (privacy was recently added to this equation too thanks to GDPR) is often seen as something for big companies/ organisations. And I also observed how most in cybersecurity don’t care about privacy. I would not be surprised if they actually did not know much about privacy. Security isn’t equivalent to privacy. One can be secure but not private. On the other hand, one cannot be private but not secure. If you are not secure, you are not private! This may be the reason behind the lack of interest. Folk who are concerned about their privacy have no option but to worry about their security as well. The same doesn’t really apply to those who are only worried about their security.
I guess they don’t care about it because they don’t consider it a threat. Or they don’t consider themselves a target.
But I’ll have to disagree from you. Privacy is about information control. On the individual level, the less information any potential attacker has about a target and the harder it is to get, the safer that individual is. Especially because of social engineering attacks. If we expose tons of details of our private life, it is extremely easy for anyone to manipulate us into being friends with them. They just need to randomly appear in our lives and talk about our interests, for instance. [Not saying we shoud be afraid of people becoming friends with us, but it certainly makes it easier for people with interests to be “friends” with us and potentially make us harm]
Information’s power is very contextual. Private information about us today might not be able to affect us today, but if we ever are in a vulnerable position then that information that we didn’t care much about, might turn out to be quite powerful.
So I think you cannot have security without privacy not privacy without security. I just guess cybersecurity people fail to see if from this angle. It’s a shame
